From e696bec76e4f852cb28f27c50c95d3504fba559e Mon Sep 17 00:00:00 2001 From: Thiago Macieira Date: Wed, 13 Dec 2023 11:37:48 -0300 Subject: QDataStream & QResource: document their lack of security-hardening Pick-to: 6.7 6.6 6.5 Fixes: QTBUG-120012 Task-number: QTBUG-119178 Change-Id: I6e2677aad2ab45759db2fffd17a06af730e320d6 Reviewed-by: Ievgenii Meshcheriakov Reviewed-by: Volker Hilsheimer --- src/corelib/serialization/qdatastream.cpp | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'src/corelib/serialization/qdatastream.cpp') diff --git a/src/corelib/serialization/qdatastream.cpp b/src/corelib/serialization/qdatastream.cpp index fda399512dc..0c2174b9723 100644 --- a/src/corelib/serialization/qdatastream.cpp +++ b/src/corelib/serialization/qdatastream.cpp 
@@ -164,6 +164,27 @@ QT_BEGIN_NAMESPACE If no full packet is received, this code restores the stream to the initial position, after which you need to wait for more data to arrive. + \section1 Corruption and Security + + QDataStream is not resilient against corrupted data inputs and should + therefore not be used for security-sensitive situations, even when using + transactions. Transactions will help determine if a valid input can + currently be decoded with the data currently available on an asynchronous + device, but will assume that the data that is available is correctly + formed. + + Additionally, many QDataStream demarshalling operators will allocate memory + based on information found in the stream. Those operators perform no + verification on whether the requested amount of memory is reasonable or if + it is compatible with the amount of data available in the stream (example: + demarshalling a QByteArray or QString may see the request for allocation of + several gigabytes of data). + + QDataStream should not be used on content whose provenance cannot be + trusted. Applications should be designed to attempt to decode only streams + whose provenance is at least as trustworthy as that of the application + itself or its plugins. + \sa QTextStream, QVariant */ -- cgit v1.2.3
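Review bot: The first paragraph of the new "Corruption and Security" section repeats "currently" in "can currently be decoded with the data currently available", and the caveat about transactions is easy to miss at the end of a long sentence. Consider splitting it: one sentence saying that transactions only tell the caller whether enough data has arrived on an asynchronous device, and a second saying that they assume whatever has arrived is correctly formed. In the second paragraph, the parenthetical "(example: demarshalling a QByteArray or QString ...)" carries the most concrete warning in the section and would read better as its own sentence. The third paragraph tells readers what not to do ("should not be used on content whose provenance cannot be trusted") but gives no pointer for code that must accept such content, and the \sa line still lists only QTextStream and QVariant. A closing sentence stating that such input has to be validated or handled by other means before it reaches QDataStream would make the guidance actionable.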